During Security Week 2025, we launched the industry’s first cloud-native post-quantum Secure Web Gateway (SWG) and Zero Trust solution, a major step towards securing enterprise network traffic sent from end user devices to public and private networks. But this is only part of the equation. To truly secure the future of enterprise networking, you need […]
Archive by Author
Cloudflare outage on February 20, 2026
On February 20, 2026, at 17:48 UTC, Cloudflare experienced a service outage when a subset of customers who use Cloudflare’s Bring Your Own IP (BYOIP) service saw their routes to the Internet withdrawn via Border Gateway Protocol (BGP). The issue was not caused, directly or indirectly, by a cyberattack or malicious activity of any kind. […]
Shedding old code with ecdysis: graceful restarts for Rust services at Cloudflare
ecdysis | ˈekdəsəs | noun the process of shedding the old skin (in reptiles) or casting off the outer cuticle (in insects and other arthropods). How do you upgrade a network service, handling millions of requests per second around the globe, without disrupting even a single connection? One of our solutions at Cloudflare to this […]
Google’s AI advantage: why crawler separation is the only path to a fair Internet
Earlier this week, the UK’s Competition and Markets Authority (CMA) opened its consultation on a package of proposed conduct requirements for Google. The consultation invites comments on the proposed requirements before the CMA imposes any final measures. These new rules aim to address the lack of choice and transparency that publishers (broadly defined as “any […]
Building a serverless, post-quantum Matrix homeserver
* This post was updated at 11:45 a.m. Pacific time to clarify that the use case described here is a proof of concept and a personal project. Some sections have been updated for clarity. Matrix is the gold standard for decentralized, end-to-end encrypted communication. It powers government messaging systems, open-source communities, and privacy-focused organizations worldwide. […]
Route leak incident on January 22, 2026
On January 22, 2026, an automated routing policy configuration error caused us to leak some Border Gateway Protocol (BGP) prefixes unintentionally from a router at our data center in Miami, Florida. While the route leak caused some impact to Cloudflare customers, multiple external parties were also affected because their traffic was accidentally funnelled through our […]
How we mitigated a vulnerability in Cloudflare’s ACME validation logic
This post was updated on January 20, 2026. On October 13, 2025, security researchers from FearsOff identified and reported a vulnerability in Cloudflare’s ACME (Automatic Certificate Management Environment) validation logic that disabled some of the WAF features on specific ACME-related paths. The vulnerability was reported and validated through Cloudflare’s bug bounty program. The vulnerability was […]
Astro is joining Cloudflare
The Astro Technology Company, creators of the Astro web framework, is joining Cloudflare. Astro is the web framework for building fast, content-driven websites. Over the past few years, we’ve seen an incredibly diverse range of developers and companies use Astro to build for the web. This ranges from established brands like Porsche and IKEA, to […]
Code Orange: Fail Small — our resilience plan following recent incidents
On November 18, 2025, Cloudflare’s network experienced significant failures to deliver network traffic for approximately two hours and ten minutes. Nearly three weeks later, on December 5, 2025, our network again failed to serve traffic for 28% of applications behind our network for about 25 minutes. We published detailed post-mortem blog posts following both incidents, […]
Innovating to address streaming abuse — and our latest transparency report
Cloudflare’s latest transparency report — covering the first half of 2025 — is now live. As part of our commitment to transparency, Cloudflare publishes such reports twice a year, describing how we handle legal requests for customer information and reports of abuse of our services. Although we’ve been publishing these reports for over 10 years, […]
